SOC 1

The American Institute of Certified Public Accountants (AICPA) Service Organization Controls (SOC) reports give assurance over control environments as they relate to the retrieval, storage, processing, and transfer of data. The reports cover IT General controls and controls around availability, confidentiality and security of customer data. The SOC 1 reports are primarily concerned with examining controls that are relevant for the financial reporting of customers. Additional information can be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc1report.html

Name	Updated On	Infrastructure	Services
SOC 1 Bridge (Gap) Letter - Commerce Cloud	2026-01-06	First party Hyperforce	B2C Commerce / Commerce Cloud (First Party) B2C Commerce / Commerce Cloud (Hyperforce)
SOC 1 Bridge (Gap) Letter - Heroku	2026-01-06	AWS	Heroku
SOC 1 Bridge (Gap) Letter - MuleSoft	2026-01-06	AWS	MuleSoft
SOC 1 Bridge (Gap) Letter - OwnCompany Inc.	2026-01-06	Hyperforce	Own by Salesforce
SOC 1 Bridge (Gap) Letter - Salesforce Data Cloud	2026-01-06	Hyperforce	Data Cloud Tableau Next
SOC 1 Bridge (Gap) Letter - Salesforce Services	2026-01-06	First party AWS	Salesforce Services (First Party) Salesforce Services (Hyperforce) Tableau Next
SOC 1 Bridge (Gap) Letter - Salesforce Services on Hyperforce	2026-01-06	Hyperforce	B2C Commerce / Commerce Cloud (Hyperforce) Data Cloud Salesforce Services (Hyperforce) Tableau Next
SOC 1 Bridge (Gap) Letter - Spiff	2026-01-06	GCP	Salesforce Services (First Party)
SOC 1 Bridge (Gap) Letter - Spiff on Hyperforce	2026-01-06	Hyperforce	Salesforce Services (Hyperforce)
SOC 1 Report - OwnCompany Inc. (Recover, Archive, Accelerate and Secure)	2025-12-19	AWS Azure	Own by Salesforce

Name

Updated On

Infrastructure

Services

SOC 1 Bridge (Gap) Letter - Commerce Cloud

2026-01-06

First party

Hyperforce